CVE-2019-0923Out-of-bounds Write in Microsoft Edge

CWE-787Out-of-bounds Write17 documents5 sources
Severity
7.5HIGHNVD
EPSS
4.2%
top 11.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft EdgeMicrosoft Edge ON Windows 10 Version 1903 FOR 32-bit SystemsMicrosoft Edge ON Windows 10 Version 1903 FOR Arm64-based Systems+1 more
Timeline
PublishedMay 16
Latest updateMar 29

Description

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages4 packages

CVEListV5microsoft/microsoft_edge15 versions+14

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

15
OSV
Out-of-bounds write2021-03-29
GHSA
Out-of-bounds write2021-03-29
GHSA
Out-of-bounds write2021-03-29
GHSA
Out-of-bounds write2021-03-29
GHSA
Out-of-bounds write2021-03-29

📋Vendor Advisories

1
Microsoft
Chakra Scripting Engine Memory Corruption Vulnerability2019-05-14